Lucene search
K

21 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 9:54 p.m.12 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2026/05/26 9:54 p.m.3 views

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS6.4AI score0.01438EPSS
Exploits2References23
Snyk
Snyk
added 2026/04/30 12:31 a.m.15 views

Arbitrary Command Injection

Overview mcp-server-semgrep is a MCP Server for Semgrep Integration - static code analysis with AI Affected versions of this package are vulnerable to Arbitrary Command Injection via the analyzeresults, filterresults, exportresults, compareresults, scandirectory, or createrule functions in the MC...

7.5CVSS7.4AI score0.01394EPSS
Exploits0References2
OSV
OSV
added 2026/04/30 12:31 a.m.4 views

GHSA-86HP-QXQP-W9WV mcp-server-semgrep has a Command Injection issue

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

7.3CVSS6.9AI score0.01394EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.11 views

PT-2026-36030

Name of the Vulnerable Software and Affected Versions VetCoders mcp-server-semgrep version 1.0.0 Description Remote OS command injection is possible within the MCP Interface component in the file src/index.ts. The issue occurs when the ID argument is manipulated, affecting the functions analyze...

7.5CVSS7.1AI score0.01394EPSS
Exploits0References13
Snyk
Snyk
added 2026/02/02 8:45 p.m.2 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getattr function. An attacker can execute arbitrary code by crafting a malicious pickle file that...

8.4CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.5 views

CVE-2023-49198

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true=true=/=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue...

7.5CVSS6.6AI score0.00934EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-18917

Malware in sbrugna...

6.5CVSS3.9AI score0.00426EPSS
Exploits0References9
NVD
NVD
added 2025/08/16 12:15 a.m.6 views

CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity...

6.5CVSS0.00426EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/11/16 12:0 a.m.8 views

PT-2024-35246 · Unknown · Basepress Migration Tools

Name of the Vulnerable Software and Affected Versions: BasePress Migration Tools versions 1.0.0 and earlier Description: The issue allows an attacker to upload a web shell to a web server by exploiting an Unrestricted Upload of File with Dangerous Type vulnerability in the BasePress Migration...

9.9CVSS9.5AI score0.00478EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.4 views

PT-2025-2102 · Drupal · Drupal Views Svg Animation

Name of the Vulnerable Software and Affected Versions: Drupal Views SVG Animation versions 0.0.0 through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can be exploited by a remote attacker to...

5.5CVSS6.3AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.8 views

PT-2024-33465 · Sovratec · Sovratec Case Management

Name of the Vulnerable Software and Affected Versions: Sovratec Case Management versions n/a through 1.0.0 Description: The issue allows an attacker to upload a web shell to a web server, which can lead to further exploitation. This is due to an Unrestricted Upload of File with Dangerous Type...

10CVSS7.3AI score0.00497EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/08/21 9:37 a.m.18 views

CVE-2023-49198 Apache SeaTunnel Web: Arbitrary file read vulnerability

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users...

6.6AI score0.00934EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.7 views

PT-2024-13693 · Apache · Apache Seatunnel

Name of the Vulnerable Software and Affected Versions: Apache SeaTunnel version 1.0.0 Description: A security issue in Apache SeaTunnel allows attackers to read files on the MySQL server by modifying the information in the MySQL URL. The issue can be exploited by setting specific parameters in th...

8.7CVSS7AI score0.00934EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2024/07/30 8:15 a.m.24 views

CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...

6.9AI score0.00722EPSS
Exploits0References2
Snyk
Snyk
added 2024/01/15 3:6 p.m.4 views

Arbitrary Code Execution

Overview dom-iterator is a feature-rich, well-tested Iterator for traversing DOM nodes. Affected versions of this package are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care mus...

9.8CVSS7.6AI score0.01052EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.1 views

PT-2023-33071 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.0.1 SurrealDB version 1.1.0-beta.1 and earlier nightly releases are not affected as they already include the patch. Description: The issue arises from default table permissions in SurrealDB being set to FULL...

8.8CVSS7.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.4 views

PT-2023-10298 · WordPress · Wds Multisite Aggregate Plugin

Name of the Vulnerable Software and Affected Versions: WDS Multisite Aggregate Plugin versions up to 1.0.0 Description: A problematic issue was found in the WDS Multisite Aggregate Plugin, affecting the update options function of the file includes/WDS Multisite Aggregate Options.php. This issue...

6.1CVSS4.2AI score0.00546EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/30 12:0 a.m.6 views

PT-2023-10283 · WordPress · Icons For Features Plugin

Name of the Vulnerable Software and Affected Versions: Icons for Features Plugin version 1.0.0 Description: A problematic issue has been found in the Icons for Features Plugin on WordPress, affecting some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulati...

6.1CVSS4.5AI score0.00553EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.8 views

PT-2020-19746 · Npm · Worksmith

Name of the Vulnerable Software and Affected Versions: worksmith versions prior to 1.0.1 Description: The issue concerns Prototype Pollution via the setValue function. This affects all versions up to and including 1.0.0 of the worksmith package. Recommendations: For versions prior to 1.0.1, updat...

9.8CVSS9.4AI score0.01916EPSS
Exploits1References3
Rows per page
Query Builder